Verification of identity of participant in electronic communication

ABSTRACT

Verifying and authenticating the identity of participants in electronic communication. A primary key generated from a master key is stored at a sending device and a recipient device. Based on the primary key, the sending device generates a passphrase and an associated secondary key, which includes an encrypted form of data enabling the passphrase to be reconstructed. The secondary key is transmitted to the recipient device, which can reconstruct the passphrase by decrypting the secondary key using the primary key. By reconstructing the passphrase, the secondary key verifies that it has used the correct primary key. The identity of a user of a communication device can be verified and authenticated, as well. The user is issued an authorization key, a copy of which is stored at a remote communication device with respect to the user. Using the authorization code, the user selects specified character positions of the passphrase and enters the resulting input code to the local communication device. The input code is transmitted to the remote communication device. Entering the appropriate input code verifies that the user possesses the authorization code.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is a continuation of U.S. patent applicationSer. No. 09/192,008, filed Nov. 13, 1998, which is incorporated hereinby reference.

BACKGROUND OF THE INVENTION

[0002] 1. The Field of the Invention

[0003] The present invention relates to securely transmittinginformation over communication networks. In particular, the presentinvention relates to systems and methods for verifying the identity of asender and/or a recipient of information transmitted over acommunication network.

[0004] 2. Relevant Technology

[0005] During recent years, there has been tremendous growth in theamount and types of information that are transmitted between remotelocations using telecommunication networks. For example, the Internethas become widely used in electronic commerce, education, banking,investing, and many other areas. The Internet and other wide area andlocal area networks have greatly enhanced the ability to transmit largevolumes of information between people. While many segments of theeconomy have been transformed by the ongoing communication revolution,the finance industry has been particularly affected. For instance,financial transactions have become increasingly cashless as debit cards,credit cards, smart cards and other techniques for authorizingelectronic transfer of funds have become widely used.

[0006] There are several reasons for the increased use of electronicsystems and telecommunication systems for transmitting information andconducting business. First, data processing speeds have vastly increasedduring recent decades to permit large volumes of information to beprocessed in relatively short periods of time. Likewise, the size, cost,and speed of mass data storage systems have improved, thereby allowinglarge volumes of information to be conveniently stored and accessed. Inaddition, the data transmission rates of telecommunication systems havegrown equally as fast, which permits large amounts of data to be rapidlytransmitted between distant locations.

[0007] There have been some limiting factors that have preventedelectronic communication of information from being fully utilized inmany situations. A persistent problem involves the difficulty ofverifying the identity of participants in electronic communication. Forinstance, it is often difficult to determine whether a person receivinga document via email is, in fact, the intended recipient. Likewise, ithas often proved impossible to conclusively determine whether a personusing a credit card number to execute an electronic transaction is anauthorized user of the credit card. In yet another example, it has oftenbeen difficult to be certain of the identity of a person creating anelectronic document. Thus, in situations where electronically created ortransmitted information is particularly sensitive, in, for example, thebanking and legal industries, electronic communication has not beenpractical or fully accepted. Instead, hand-signed hard copies ofdocuments, conventional hand delivery of documents, and face-to-facetransactions are still widely used, although their electroniccounterparts would often be more efficient were it not for thepersistent security limitations.

[0008] In order to attempt to overcome the aforementioned problems ofidentifying participants in electronic communication, a variety ofapproaches have been taken. Often, information is encrypted before it istransmitted over open communication networks such as the Internet,stored on computer-readable media, or otherwise placed in a positionwhere it could be potentially intercepted by unauthorized users.Transmitted encrypted information can be decrypted if the recipientpossesses the appropriate decryption key. Otherwise, unauthorizedrecipients are unable to view or otherwise use the contents of theencrypted information.

[0009] One commonly used encryption technique is private/public keycryptography, such as RSA, in which each user has a public key publishedfor anyone to see and an associated private key. A sender looks up therecipient's public key and uses it to encrypt the data to betransmitted. The recipient uses the secret, private key to decrypt theinformation. While the private/public key approach provides reasonablysecure transmission in may circumstances, it has several drawbacks. Theuse and maintenance of the private and public keys can be quiteexpensive for organizations. Moreover, if the security of the privatekey is breached, new private and public keys must be created, with thenew public key being published to all interested users, and the oldpublic key being invalidated, wherever it might exist.

[0010] Another approach to maintaining the security of electronicinformation involves using passwords to identify users of computernetworks, recipients of information, etc. For instance, informationtransmitted over a communication network to a recipient may be passwordprotected, in that it may not be decrypted, decompressed, or otherwiseplaced in a usable form unless the recipient possesses a specifiedpassword. In other situations, passwords are required to gain access tocomputer networks in the first instance. Typically, when a user logsonto a computer network, the user is prompted to enter a password thatenables the user to gain access to resources of the computer network.

[0011] The basic concept underlying passwords is that any personpossessing the password is assumed to be authorized to access particularinformation or perform selected operations. In practice, however, it hasbeen found that passwords are often the weak link in an electronicsecurity system. Sometimes, network users select passwords such asbirthdays or names of family members that could be easily guessed byunauthorized persons. In other situations, users write their password inplain sight, such as on a note affixed to a computer monitor. Suchpractices essentially negate the security advantages of passwords.Furthermore, particularly persistent persons could intercept a user'spassword by memorizing a series of a few keystrokes while observing theuser entering a password into a computer. Thus, many businesses requireemployees to regularly change their passwords in an attempt tostrengthen network security systems. In any event, it has been foundthat unauthorized persons often successfully obtain users' passwords,thereby compromising any security measures associated with thepasswords.

[0012] A related security technique is the use of personalidentification numbers (PINs) in electronic commerce and othersituations. A PIN is a number assigned to or selected by a cardholder,for example, in order to verify the identify of a person attempting toexecute a transaction. PINs are widely used in automatic tellermachines, credit and debit card readers, electronic commerce websites,and other situations where electronic funds transfer is to be initiated.Likewise, access numbers, which are analogous to PINs, are widely usedin businesses, the military, and other organizations having sensitivebuildings or areas. Persons wishing to gain access to sensitivebuildings or areas must enter an access number to an access controldevice that permits entry only to authorized persons. Like passwords,PINs and access codes are subject to being stolen or otherwise obtainedby unauthorized individuals. Because PINs are generally static or, inother words, remain usable in multiple transactions, they are sometimesstolen by an unauthorized person watching a PIN being entered into akeypad.

[0013] In view of the foregoing, electronic communication and creationof information has been limited in many situations by the failure ofconventional security measures to reliably permit the identity ofparticipants to be verified. Thus, it would be an advancement in the artto provide systems and methods for both verifying and authenticating theidentity of participants in electronic communication that do not merelyrely on password protection, PINs, or public key/private key encryption.

BRIEF SUMMARY OF THE INVENTION

[0014] The present invention relates to systems and methods forverifying and authenticating the identity of participants in electroniccommunication. The invention replaces or supplements the reliance thatconventional systems place on passwords to verify the identity ofparticipants in electronic communication. In addition, the inventionreplaces or supplements the reliance that conventional systems place onPINs and access codes to identify users of communication devices or theauthorization of such persons to access resources.

[0015] In one implementation, a primary key is stored at a sendingdevice and at a recipient device. The primary key and the other keys andpassphrases can include a string of characters. The sending devicegenerates a passphrase and an associated secondary key. The secondarykey represents an encrypted form of the reconstruction capability of thepassphrase that has been encrypted based on the contents of the primarykey. The secondary key is transmitted from the sending device to therecipient device when electronic communication is to be performed. Therecipient device decrypts the secondary key using the primary key toreconstruct the passphrase. Reconstructing the passphrase can only beperformed by recipient devices that possess the primary key.Accordingly, reconstruction of the passphrase demonstrates that therecipient device has received the secondary key and possesses thecorrect primary key. The passphrase can then be transmitted in return tothe sending device or can be used locally at the recipient device toaccess documents that have been passphrase-protected or to accessresources that are conventionally accessible by using passwords.

[0016] The invention replaces conventional passwords in the foregoingmanner. The passphrases differ from conventional passwords in that thepassphrases are dynamic. A new passphrase and associated secondary keycan be generated each time electronic communication is conducted.Accordingly, passphrases are not memorized by users, nor are they storedpermanently in the memory of recipient devices. As such, passphrases arenot subject to misappropriation by unauthorized persons who mightotherwise memorize keystrokes associated with passwords or discover awritten copy of a password.

[0017] Verification of the identity of a human user of a communicationdevice is accomplished by combining the passphrases of the inventionwith an authorization code memorized by the user. The authorization coderepresents an ordered series of character positions of the passphrase.When prompted, the user selects the characters of a displayed passphrasethat reside at the character positions specified by the authorizationcode. The user then uses the selected characters to generate andtransmit an input code to a remote communication device. The secondarykey with its associated passphrase and the authorization code are storedat the remote communication device, thereby permitting the remote deviceto determine the expected input code. Users who do not possess theauthorization code are unable to generate the expected input code. Thus,when the remote device receives an input code that matches the expectedinput code, it concludes that the user has been verified and isauthorized to gain access to information or other resources.

[0018] The input codes and associated authorization codes can be used insituations that otherwise require the use of PINs or access codes. Inthis manner, the input codes replace conventional PINs. The specificcontent of any particular input code depends on the passphrase fromwhich it is derived. Since passphrases typically change with eachtransaction, the input codes used in successive transactions aredifferent one from another. In contrast, PINs are static, with the samePIN being used in multiple transactions. Thus, input codes are notsubject to many of the security risks involved with static PINs, such asinterception by unauthorized persons observing a PIN being entered by auser.

[0019] The primary key, on which the secondary keys and passphrases arebased, can be conveniently replaced as desired. For instance, if aclient computer having stored thereon a copy of the primary key isstolen, the security of the particular primary key may be compromised.However, a new primary key can easily be generated in response to thepossible breach of primary key security. Once the new primary key isgenerated and stored at the sending and recipient devices, the inventioncan be practiced as if the security of the key had never been breached.In contrast, conventional public/private key cryptology is not capableof responding in a cost-effective manner to the security of a privatekey being compromised. If a conventional PKI private key is published,the owner of the private key can be subjected to the significant expenseof obtaining a new public/private key combination and making the newpublic key available to interested users, plus invalidating the oldpublic key wherever it resides.

[0020] Subsequent communication between the sending device and therecipient device can include a document that is passphrase-protected aswell as encrypted with a symmetrical encryption algorithm using the samegenerated passphrase. In other words, the recipient of thepassphrase-protected document must obtain the passphrase to access thedocument.

[0021] Additional objects and advantages of the invention will be setforth in the description which follows, and in part will be obvious fromthe description, or may be learned by the practice of the invention. Theobjects and advantages of the invention may be realized and obtained bymeans of the instruments and combinations particularly pointed out inthe appended claims. These and other objects and features of the presentinvention will become more fully apparent from the following descriptionand appended claims, or may be learned by the practice of the inventionas set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

[0022] In order that the manner in which the above-recited and otheradvantages and objects of the invention are obtained, a more particulardescription of the invention briefly described above will be rendered byreference to specific embodiments thereof which are illustrated in theappended drawings. Understanding that these drawings depict only typicalembodiments of the invention and are not therefore to be consideredlimiting of its scope, the invention will be described and explainedwith additional specificity and detail through the use of theaccompanying drawings in which:

[0023]FIG. 1 is a schematic diagram illustrating the use of primarykeys, secondary keys, and passphrases to securely communicate between asending device and a recipient device according to the invention.

[0024]FIG. 2a is a schematic diagram depicting a passphrase-protecteddocument being sent from a sending device.

[0025]FIG. 2b is a schematic diagram illustrating thepassphrase-protected document of FIG. 2a being received by a recipientdevice.

[0026]FIG. 3 is a schematic diagram illustrating a series of primarykeys distributed among a server and multiple clients in a networkenvironment in order to permit selective communication between theserver and individual clients.

[0027]FIG. 4a is a schematic diagram showing the methods of theinvention for verifying and authenticating the identity of a participantin electronic communication as applied to a financial transaction.

[0028]FIG. 4b is a schematic diagram depicting one example of the use ofan authorization code and a passphrase to verify and authenticate theidentity of a participant in electronic communication.

[0029]FIG. 4c is a schematic diagram further illustrating the enablementof a financial transaction based on the use of an authorization code anda passphrase.

[0030]FIGS. 5a and 5 b are flow diagrams illustrating methods of theinvention for verifying the identity of participants in electroniccommunication.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0031] The present invention relates to systems and methods forverifying and authenticating the identity of participants in electroniccommunication. Participants can include computers, telecommunicationsdevices, or the human users of computers or telecommunication devices.In one embodiment, communication between a sending communication deviceand a recipient communication device can be regulated using theinvention. A primary key is stored at both the sending device and at therecipient device. The sending device generates a passphrase recreatingprocess and an associated secondary key. The secondary key represents anencrypted form of the passphrase recreating process that has beenencrypted based on the contents of the primary key. Subsequentcommunication between the sending device and the recipient device caninclude a document that is passphrase-protected and/or symmetricallyencrypted using the generated passphrase. In other words, the recipientof the passphrase-protected document must obtain the passphrase toaccess the document.

[0032] The passphrase-protected document is transmitted from the sendingdevice to the recipient device along with a copy of the secondary key.The recipient device, which possesses the primary key, uses the primarykey to decrypt the secondary key, thereby reconstructing the passphrase.The reconstructed passphrase can then be used to access the document.Other recipients, such as unauthorized persons who might intercept thepassphrase-protected document, do not possess the primary key and cannotreconstruct the passphrase. In subsequent communication between thesending and recipient devices, new passphrases and associated secondarykeys can be generated. Accordingly, the passphrases of the invention canbe dynamic in the sense that they can change with each transaction,unlike conventional passwords, which are used repeatedly.

[0033] In one embodiment, the invention includes features for furtheridentifying a user operating either the sending device or the recipientdevice. Each user is assigned or chooses an authorization code, whichincludes an ordered series of character positions of the passphrases tobe used in the electronic communication. A copy of the authorizationcode is stored at the communication device (i.e., the sending orrecipient device) that is remote with respect to the user. Whencommunication is to be conducted, the user is shown a copy of thepassphrase and instructed to select the characters thereof that resideat the character positions specified in the authorization code. Theidentity of the characters selected using the authorization code istransmitted to the remote communication device, which can then verifywhether the user possesses the correct authorization code. Unlikeconventional PINs, which are static, the authorization codes of theinvention result in a completely different set of characters beingselected in every transaction, based on the changeable nature of thepassphrases of the invention.

[0034] As used herein, the terms “sending device” and “recipient device”are used to describe communication devices that transmit electronicinformation. Of course, in many situations, electronic communication istwo-way. Thus, a specific communication device can alternatingly be seenas a sending device and a recipient device. While some of the specificembodiments of the invention are disclosed in the context of identifyinga recipient device or the user of a sending device, the invention isequally applicable to identifying either or both of the sending deviceand the recipient device, and any users thereof.

[0035] Embodiments of the invention include or are incorporated incomputer-readable media having computer-executable instructions or datastructures stored thereon. Examples of computer-readable media includeRAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic diskstorage or other magnetic storage devices, or any other medium capableof storing instructions or data structures and capable of being accessedby a general purpose or special purpose computer. Computer-readablemedia also encompasses combinations of the foregoing structures.Computer-executable instructions comprise, for example, instructions anddata that cause a general purpose computer, special purpose computer, orspecial purpose processing device to execute a certain function or groupof functions. The computer-executable instructions and associated datastructures represent an example of program code means for executing thesteps of the invention disclosed herein.

[0036] The invention further extends to computer systems andtelecommunication systems for verifying the identity of participants inelectronic communication. Those skilled in the art will understand thatthe invention may be practiced in computing environments with many typesof computer system configurations, including personal computers,multi-processor systems, network PCs, minicomputers, mainframecomputers, and the like. The invention will be described herein inreference to a distributed computing environment, such as the Internet,where tasks are performed by remote processing devices that are linkedthrough a communication network. In the distributed computingenvironment, computer-executable instructions and program modules forperforming the features of the invention may be located in both localand remote memory storage devices.

[0037]FIG. 1 illustrates an example of the architecture of communicationnetwork in which the identity of a recipient device will be verified. Asused herein, sending devices and recipient devices are to be broadlyconstrued to extend to any general purpose computer, special purposecomputer, processing device, telecommunication device, and the like thatis used to transmit or receive information.

[0038] In FIG. 1, sending device 10 is linked to recipient device 12 bymeans of communication network 14. Communication network 14 may be anywide area or local area network by which special-purpose orgeneral-purpose computers communicate one with another. In addition,communication network 14 may be a public telephone network or any othersystem that permits communication between telecommunication devices.Those skilled in the art will recognize that the invention describedherein has wide applicability to a variety of implementations and is notto be limited to the specific embodiments disclosed herein.

[0039] One part of the techniques for enabling verification of theidentity of the participant in electronic communication involves astoring a copy 16A of a primary key at sending device 10 and a copy 16Bof the primary key at recipient device 12. In one embodiment, primarykeys, the secondary keys, the passphrases, and the master keys disclosedherein include a string of characters. The characters of the primarykeys, secondary keys, passphrases, and master keys can be alphanumeric,ASCII, alphabetic, numeric, or any other desired characters orcombination of the foregoing.

[0040] In the embodiment of FIG. 1, sending device 10 includes a keygeneration module 18. Key generation module 18 includes processing meansfor generating a secondary key 20A and a passphrase 22A based at leastin part on the contents of primary key 16A. For instance, key generationmodule 18 can include algorithms for selecting a passphrase 22A that isderived from primary key 16A. The passphrase generated by key generationmodule 18 will be different each time sending device 10 is used. In theembodiment of FIG. 1, passphrase 22A can be a string of seven charactersthat can be used later to enable a user of recipient device 12 to accessinformation transmitted over communication network 14, or to otherwiseverify the identity sending device 10, recipient device 12, or users ofthe devices. In other embodiments, the length of the string ofcharacters that constitute the passphrases of the invention can beshorter or longer.

[0041] As shown in FIG. 1, key generation module 18 generates passphrase22A. Key generation module 18 also generates secondary key 20A, which inthis embodiment, includes an encrypted form of the string of charactersthat constitute passphrase 22A. In other words, secondary key 20Aincludes the information needed to enable one who possesses primary key16 to decrypt or otherwise reconstruct passphrase 22. Therefore, arecipient of secondary key 20 who possesses primary key 16 and theappropriate decryption algorithm can reconstruct passphrase 22.Accordingly, key generation module 18 can include algorithms forencrypting the string of characters that constitute passphrase 22 togenerate secondary key 20. Those skilled in the art will understand,when learning of the disclosure made herein, how to construct theprimary keys, the secondary keys and the passphrases of the inventionand how to create the algorithms included in the key generation module.

[0042] As shown in FIG. 1, secondary key 20A is transmitted overcommunication network 14 to recipient device 12. Thus, as shown in FIG.1, recipient device 12 obtains a copy 20B of secondary key. Recipientdevice 12 includes a passphrase reconstruction module 24 that usessecondary key 20B and primary key 16B to reconstruct passphrase 22.Thus, recipient device 12 is capable of reconstructing a copy 22B of thepassphrase when it receives secondary key 20B over communication network14. Since secondary key 20B includes an encrypted form of thereconstruction process of passphrase 22, passphrase reconstructionmodule 24 can include the appropriate decryption algorithm to decryptthe passphrase based on the contents of primary key 16B. Thus, thoseskilled in the art will understand how to reconstruct passphrase 22Busing passphrase reconstruction module 24A upon learning of thedisclosure made herein.

[0043] The above-described process of reconstructing passphrase 22B atrecipient device 12 has the effect of verifying that the recipientdevice possesses primary key 16B. Without a copy 16B of the primary key,recipient device 12 is unable to use passphrase reconstruction module 24to reconstruct the appropriate passphrase 22B. Unauthorized recipientsof secondary key 20B cannot generate passphrase 22B. Reconstructingpassphrase 22B at recipient device 12 can have many applications. In theexample illustrated in FIGS. 2A and 2B, the passphrase is used as asubstitute for a password in the transmission of secure documents. Asshown in FIG. 2A, sending device 10 can be used to construct informationto be included in a data transmission 26. For instance, sending device10 can be a personal computer capable of transmitting an e-mail and anattached text document over the Internet.

[0044] In this example, data transmission 26 includes apassphrase-protected document 28 and secondary key 20.Passphrase-protected document 28 is any desired data structure that isto be transmitted from sending device 10 to recipient device 12.Passphrase-protected document 28 can be compressed and/or encryptedusing any desired compression or encryption software or techniques. Byway of example, and not limitation, document 28 can be compressed usingPkzip produced by PKWARE, Inc. or WinZip produced by WinZip, et al.Document 28 is thus encoded in manner such that it will not beaccessible by recipient device 12 unless the recipient device obtainsthe appropriate passphrase 22. Document 28 can be passphrase-protectedby processing the document using conventional password protectionsoftware. For instance, password protection can be performed by thesoftware that encrypts or compresses document 28. From the standpoint ofthe password protection software, passphrase 22 is treated as aconventional password to protect document 28 from unauthorized use.Secondary key 20 and passphrase 22 of FIG. 2A can be generated fromprimary key 16 as described previously in reference to FIG. 1.

[0045] As used herein, the term “passphrase” is defined to include anystring of characters that enable access to electronic information or tocomputer networks or telecommunication networks. Thus, passphrases aresimilar to conventional passwords to the extent that they can enableaccess to information or to networks. However, unlike conventionalpasswords, the passphrases of the invention need not be memorized by auser at recipient device 12 or permanently stored at recipient device.Instead, the passphrases according to this embodiment are generatedusing the primary key at the sending device and are reconstructed at therecipient device as has been described in reference to FIG. 1. Thepassphrases of the invention further depart from conventional passwordsin that a new passphrase can be generated each time data is transmittedfrom a sending device to a recipient device. In contrast, conventionalpasswords are static, with the same password being repeatedly used by auser of a recipient device until the user or a network administratorestablishes a new password.

[0046] As shown in FIGS. 2A and 2B, data transmission 26, includingsecondary key 20 and passphrase-protected document 28, is transmittedfrom sending device 10 to recipient device 12 via communication network14. Upon receiving data transmission 26, a user of recipient device isunable to access passphrase-protected document 28, which is protected bypassphrase 22, until it retrieves secondary key 20 and performs theoperations described in FIG. 2B. In contrast, however, the user ofrecipient device 12 is able to freely access secondary key 20. Forinstance, secondary key 20 may be attached to data transmission 26 as acomment, as a file, or in any other manner that does not require use ofa password or a passphrase. Recipient device 12 then inputs secondarykey 20 and primary key 16 to passphrase reconstruction module 24 toreconstruct passphrase 22. Reconstruction of passphrase 22 can beaccomplished according to the techniques described above in reference toFIG. 1. The reconstructed passphrase 22 is then used to accesspassphrase-protected document 28 as shown in FIG. 2B. For instance, ifthe passphrase-protected document is compressed by Pkzip or WinZipsoftware, the passphrase is inputted to the software as a substitute toa conventional password.

[0047] In the example of FIG. 2A and 2B, the use of secondary key 20 andprimary key 16 to reconstruct passphrase 22 can be accomplished only byrecipient devices 12 that have a copy of primary key 16 stored thereon.Unauthorized recipients of password-protected document 28 are unable toreconstruct password 28.

[0048] One advantage of the invention is understood by contrasting theexample of FIGS. 2A and 2B with conventional password-protectedcommunication. In the absence of the invention, document 28 could beprotected by a password. However, password protection of document 28would require the user of recipient device 12 to enter a conventionalpassword or a prior agreed upon password or to telephone the recipientto divulge the password, or would require the conventional password tobe permanently stored at recipient device 12. The use of conventionalpasswords is inherently insecure, since passwords are often stolen ordivulged to unauthorized persons. In contrast, there is no password tobe memorized or learned by the recipient according to the example ofFIGS. 2A and 2B. A different passphrase can be generated at sendingdevice 10 each time a data transmission 26 is made. Thus, the passphrasetechniques of the invention are dynamic, whereas conventional passwordsare static, in that they are repeatedly used by a user of the recipientdevice.

[0049] The present invention can be adapted to respond to the theft ofrecipient device 12 or the publication of primary key 16 stored thereon.As shown in FIG. 3, the primary keys from which the passphrases andsecondary keys of the invention are generated can be replaced at will.Thus, if the security of any single primary key is somehow breached, thecompromised primary key can be conveniently replaced without undueexpense or effort. In FIG. 3, a server computer 30 is linked with aplurality of client computers 32A-32E by means of communication network14. Server 30 has stored thereon copies of a plurality of primary keys34A-34E that correspond with copies of primary keys A-E (34A-34E) storedindividually on client computers 32A-32E. In this embodiment, theprimary keys are generated using a master key 36 that is stored at asecure location at server 30 or separately therefrom. To illustrate, ifthe security of primary key 34D is breached, primary key 34D can beeasily replaced. For example, master key 36 can generate a new primarykey 34D′, which is transmitted and stored at server 30 and in turn atclient 32D.

[0050]FIG. 3 also illustrates another optional feature of the invention,whereby individuals or subsets of a plurality of clients or otherrecipient devices are assigned different primary keys. Accordingly, if adata transmission similar to data transmission 26 of FIGS. 2A and 2B issent, for example, from server 30 to client 32A of FIG. 3, the datatransmission would be protected by a passphrase generated from primarykey 34A. Clients 34B-34E, which do not possess primary key 34A, would beunable to generate the appropriate passphrase and cannot gain access tothe data transmission. In this manner, the invention provides theflexibility to specify the access credentials of various recipientdevices by disclosing particular primary keys thereto. Moreover, theinvention is flexible enough to permit the convenient replacement of anyprimary key whose security is breached.

[0051] FIGS. 4A-4C illustrate additional features of one embodiment ofthe invention, whereby the identity of a user of a recipient or sendingdevice is tested. As described below, such an embodiment of theinvention provides a dynamic alternative to conventional static PINs andaccess codes. The example of FIGS. 4A-4C illustrates the execution of afinancial transaction using electronic transmission of information overa communication network. In FIG. 4A, a user 140 has been issued a bankcard 142 by a financial institution such as a bank 144. Bank card 142can be a credit card, a debit card, a smart card, or another instrumentfor identifying, verifying, and authenticating (IVA) an account of thefinancial institution and gaining access to the account. While thisembodiment of the invention is described in the context of bank cardsand financial transactions, the techniques disclosed herein for IVA aparty participating in electronic communication can be extended to awide variety of other situations. By way of example and not limitation,the invention can be used to provide IVA access codes to buildings, toIVA the holder of a telephone calling card or identity card (10), and toIVA the recipient of information of a computer network.

[0052] In the example of FIG. 4A, bank card 142 has been issued to user140 with a copy 116A of a primary key stored thereon. A copy of 116B ofprimary key is stored at bank 144. Primary key 116 can be generated andreplaced as described in reference to FIGS. 1-3. When user 140 desiresto execute a transaction using bank card 142, the user swipes the bankcard through ATM 146 or another card reading device. Primary key 116A isinput to key generation module 118 that generates a passphrase 122A anda secondary key 120A. In this manner, ATM 146, key generation module118, passphrase 122, and secondary key 120 are analogous to thecorresponding elements 10, 18, 22, and 20 of FIG. 1.

[0053] ATM 146 transmits secondary key 120A to bank 144 viacommunication network 114. Bank 144 thereby obtains a copy 120B of thesecondary key. As previously disclosed herein, each transaction ortransmission of information can be associated with a new secondary key120 that has been generated by key generation module 118 based onprimary key 116.

[0054] Bank 144 includes a passphrase reconstruction module 124, whichreceives the input of secondary key 120B and primary key 116B toreconstruct a copy of 122B of the passphrase. In this manner bank 144,passphrase reconstruction module 124, secondary key 120B, and primarykey 116B are analogous to the corresponding elements 12, 24, 20B, and16B of FIG. 1.

[0055] It can be appreciated that, in the context of the electronictransaction being executed in FIG. 4A, the primary concern is typicallynot the identity of the receiving device (bank 144), but is instead theIVA of the person operating the sending device (ATM 146). Conventionalsystems often use PINs to attempt to verify that the holder of a bankcard or another instrument is authorized to use the instrument toexecute transactions. However, PINs, which are static in the sense thatthey are repeatedly used to transmit a code to a recipient device inmultiple transactions, can be breached in a variety of ways as has beendisclosed herein. In contrast, user 140 of FIG. 4A is issued anauthorization code 148 by bank 144. The authorization code 148, which isdescribed in greater detail in reference to FIG. 4B below, permits user140 to select and enter an appropriate input code to ATM 146. The inputcodes are dynamic, in that user 140 will enter different transactions ineach of a series of transactions. Authorization code 148 providesinstructions to user 140 that enable the user to select the appropriateinput code for the particular transaction based on the content of thepassphrase.

[0056] Turning now to FIG. 4B, the use of the authorization codes andinput codes is further described. After the user has swiped the bankcard, the ATM or the other card reader provides display 150 to the user.Display 150 prompts the user to enter an input code 152 at the samestage of the transaction as, for example, a PIN would be entered in aconventional electronic transaction.

[0057] In this embodiment, authorization code 148 includes an orderedseries of character positions of the characters included in thepassphrase. In order to further describe the nature of the authorizationcode and its relation to the passphrase and input code, a specificexample is presented in FIG. 4B. In this example, the user has beenissued an authorization code 148A that specifies an ordered series ofcharacter positions that consist of the sixth character position, thefirst character position, and the third character position. The usermemorizes the authorization code, and a copy of the authorization codeis stored at the bank or any other issuing entity as a non-repudiationdevice. When display 150 prompts the user to enter the input code 152,display 150 presents passphrase 122A to the user. In this example,passphrase 122A consists of the characters L-K-E-B-N-J-H and has beengenerated by key generation module 118 of FIG. 4A based on the contentsof primary key 1 16A. Furthermore, passphrase 122A has characterpositions 1-7 illustrated by FIG. 4B. As ATM 146 is repeatedly used toexecute successive electronic transactions, different passphrases 122Awill be generated.

[0058] Returning to FIG. 4B, the user selects the appropriate input codeby applying authorization code 148A to passphrase 122A. In particular,in this example, the user identifies the character residing in the sixthcharacter position of passphrase 122A. In this case, the character is J.The user then presses the appropriate one of input keys 154 of inputdevice 156. In this case, the character J is represented by button 4,which enters the digit 4 as the first digit of input code 152. Likewise,the authorization code is used to select the first and third characterpositions of passphrase 122A. Accordingly, digits 5 and 2 aresuccessively entered using input keys 154 and form the remainder ofinput code 152.

[0059] While the input code in this example is 452, it is highly likelythat a different input code will be selected in subsequent transactions,because a new passphrase 122A will be generated for each transaction. Inthis manner, a static authorization code 148A memorized by the userresults in a different input code in successive transactions. Thisprovides significant advantages, since an unauthorized person cannotmisappropriate the authorization code by memorizing the key strokeentered by the user, in contrast to the problems associated with staticPINs.

[0060] Optionally, as shown in FIG. 4B, display 150 does not display thefourth character position of passphrase 122, although all sevencharacters of the passphrase exist internally in the ATM. Alternatively,any other one or more character positions can be selected to be hiddenfrom view on display 150. However, any such hidden character positionswould be ineligible for use in authorization codes distributed to users.Hiding selected character positions from the view of users provides anadded layer of security and prevents participants in transactions fromlearning the entire passphrase.

[0061]FIG. 4C further illustrates a method according to this embodimentfor using the input code to enable a transaction after the input codehas been entered. User 140 has entered input code 152 to ATM 146 asdescribed above in reference to FIG. 4B. Input code 152 of FIG. 4C istransmitted via communication network 114 to bank 144. Bank 144 therebyobtains a copy 152B of the input code. A copy 148B of the authorizationcode is stored at bank 144. Bank 144 also has a copy 122B of thepassphrase, which was obtained after the user swiped the bank card asshown in FIG. 4A. Bank 144 of FIG. 4C is able to calculate the expectedinput code 152′, which must be received from ATM 146 in order to proceedwith the desired transaction. Expected input code 152′ is generated byapplying authorization code 148B to passphrase 122B in much the samemanner as input code 152 was generated in FIG. 4B. Typically, however,expected input code 152′ of FIG. 4C is generated automatically bycomputer-executable instructions at bank 144.

[0062] After receiving input code 152B, bank 144 can compare receivedinput code 152B with expected input code 152′ using an identityverification module 158. If received input code 152B matches expectedinput code 152′, bank 144 presumes that an authorized person hasinitiated the current transaction. Specifically, received input code152B matches expected input code 152′ only when a person who possessesauthorization code 148 enters the input code at ATM 146. When receivedinput code 152B matches expected input code 152′, a transactionenablement module 160 permits user 140 to proceed with any desiredtransaction.

[0063] If the received input code 152B does not match expected inputcode 152′, any of a number of conditions can be responsible. Forexample, the user may have mistakenly entered an incorrect input code.Instead, an unauthorized user may have attempted to gain access to anaccount. Depending on the nature of the transaction, any appropriateaction can be taken when the received input code 152 b does not matchexpected input code 152′. For instance, the card reader can retain thebank card that has been incorrectly used. In some instances, it may bedesirable to notify law enforcement authorities to investigate.

[0064] The use of the authorization code can be associated with acorresponding emergency code, that when applied to the passphrase togenerate an input code, notifies authorities that the bank card or otherinstrument has been inappropriately used. For example, the authorizationcode 148A (“613”) of FIG. 4B can be associated with an emergency code“316” by reversing the order of the character positions. If the holderof authorization code 148A is ever forced under duress to divulge theauthorization code, the holder has the option of divulging instead theemergency code. If an unauthorized person attempts to access theholder's account using the divulged emergency code, authorities areautomatically notified that the use of the account is unauthorized.

[0065]FIGS. 5A and 5B summarize one embodiment of the methods fordetermining whether a recipient device is authorized to participate inelectronic communication and verifying the identity of the user of oneof the communication devices. In step 202, a master key is used togenerate one or more primary keys. The primary key is stored at thesending device and the recipient device in step 204. When electroniccommunication is to be conducted, a secondary key is generated by thesending device according to the techniques disclosed herein. Thesecondary key can be described as including an encrypted form of thepassphrase reconstruction process that is also generated at the sendingdevice.

[0066] In step 208, the secondary key is transmitted to the recipientdevice, along with any desired electronic communication, that may beencrypted, compressed, or otherwise encoded to be inaccessible by anyrecipient that does not possess or obtain the passphrase. As shown atstep 210, the recipient device, which possesses the primary key,reproduces the passphrase using the primary key and the secondary key.The passphrase then may be used in any desired manner or for any desiredpurpose, such as to gain access to a transmitted or stored document thathas been passphrase-protected by the sending device.

[0067] As shown at decision block 212, the method can proceed todynamically identify the user of a communication device using thepassphrase and the authorization code. If identification of the user isnot desired, the method advances to decision block 214. According todecision block 214, if another electronic communication is to beperformed, the method advances to decision block 216. According todecision block 216, if a new primary key is to be created, the methodadvances again to step 202. New primary keys can be created if there isthere is reason to believe that the security of the primary key at thesending device or the recipient device has been compromised.Alternatively, new primary keys can be created at regular intervals. Ifa new primary key is not needed, the method advances from decision block216 to step 206. Steps 206 and 208 are then conducted so as to create anew secondary key and a new associated passphrase in each successivetransaction or communication.

[0068] Referring now to decision block 212, if verification of theidentity of a user of a communication device is desired, the methodproceeds to step 218 of FIG. 5B. In step 218, the user is prompted toapply an authorization code memorized by the user to the passphrasedisplayed to the user. In 220, the user enters the resulting input code.The input code is then transmitted to the sending device to therecipient device (or vice versa, if the identity of the recipient deviceis to be verified) as shown in step 222.

[0069] The recipient device then determines according to decision block224 whether the input code entered by the user matches the expectedinput code. If the input code is correct, the method proceeds to step226, in which the identity of the user has been both verified andauthenticated. At this stage, any appropriate access to networkresources, financial services, or the like, can be granted. If the inputcode is not correct, the method advances to step 228, in which anyappropriate measures can be taken to restrict access to any resources orcommunication.

[0070] While the methods and systems disclosed herein successfullyreplace conventional passwords and PINs, the invention can beimplemented by layering the security features with conventional securityfeatures. For example, any encryption technology can be supplementedwith the passphrases and other security techniques of the invention tofurther ensure that only authorized persons gain access to information.Another possible password management system that could be replaced bythe invention is a secure fax.

[0071] While the combination of the methods for verifying the identityof a communication device using the primary key and the secondary keywith the methods for verifying and authenticating the identity of a userof a communication device using the passphrase and the authorizationcode can be used advantageously in many cases, the invention may bepracticed using either of the two foregoing aspects of the inventionseparately. For instance, the primary key and the secondary key can beused to determine if a computer receiving an e-mail message isauthorized without using an authorization code to verify the identity ofa user. Conversely, the passphrase and the authorization code can beused to determine whether a participant in an electronic transaction isauthorized without verifying that the card reader (i.e., the sendingdevice) and the bank (i.e., the recipient device) are authorized.

[0072] The present invention may be embodied in other specific formswithout departing from its spirit or essential characteristics. Thedescribed embodiments are to be considered in all respects only asillustrative and not restrictive. The scope of the invention is,therefore, indicated by the appended claims rather than by the foregoingdescription. All changes which come within the meaning and range ofequivalency of the claims are to be embraced within their scope.

What is claimed is:
 1. A method for securely transmitting informationbetween a first device and a second device, comprising the acts of:storing a primary key at the first device and at the second device;encrypting a selected string of characters to generate a secondary keyusing the primary key at the first device; transmitting the secondarykey from the first device to the second device; and reproducing theselected string of characters at the second device by applying theprimary key to the secondary key.
 2. A method as defined in claim 1,further comprising the act of transmitting the reproduced selectedstring of characters from the second device to the first device so as toverify to the first device that the second device possesses the primarykey.
 3. A method as defined in claim 1, further comprising the acts of:transmitting, from the first device to the second device, informationhaving been encoded in a form such that the first device can access theinformation only by applying the selected string of characters to theinformation; and at the second device, applying the selected string ofcharacters to the information so as to access the encoded information.4. A method as defined claim 3, wherein the act of applying the selectedstring of characters comprises the act of entering a passphraseincluding the selected string of characters to a password entry field atthe second device, the password entry field being associated withsoftware for encoding the information.
 5. A method as defined in claim1, further comprising the act of iteratively conducting the acts of:storing a new primary key at the first device and at the second device;encrypting, at the first device, a new string of characters to generatea new secondary key; transmitting the new secondary key from the firstdevice to the second device; and reproducing the new string ofcharacters at the second device by applying the new primary key to thenew secondary key.
 6. A method as defined in claim 1, further comprisingthe acts of: storing a second primary key at the first device and atanother second device; encrypting, at the first device, a second stringof characters to generate a second secondary key; transmitting thesecond secondary key from the first device to the second device; andreproducing the second string of characters at the second device byapplying the second primary key to the second secondary key.
 7. A methodas defined in claim 1, wherein the act of storing the primary key at thefirst device and at the second device comprises the acts of: generatingthe primary key using a master key; and distributing the primary key toboth the first device and the second device.
 8. A method of securelytransmitting information over a communication network from a firstdevice to a second device at a remote location with respect to the firstdevice, comprising the acts of: storing a primary key at the firstdevice and at the second device; generating a secondary key at the firstdevice using the primary key, the secondary key representing apassphrase in an encrypted form, the passphrase including of a selectedstring of characters; transmitting, from the first device to the seconddevice: information having been encoded in a form such that the firstdevice can access the information only by use of the passphrase in anunencrypted form; and the secondary key; applying, at the second device,the primary key to the secondary key so as to reproduce the passphrasein the unencrypted form; and accessing the encoded information at thesecond device using the passphrase.
 9. A method as defined in claim 8,further comprising the act of encrypting the information at the firstdevice, the act of accessing the encoded information comprising the actof decrypting the encoded information.
 10. A method as defined in claim8, further comprising the act of compressing the information at thefirst device, the act of accessing the encoded information comprisingthe act of decompressing the encoded information.
 11. A method asdefined in claim 8, further comprising the acts of: selecting, by a userof the first device, a subset of the characters in the passphrase;entering, by the user, an input code to the first device, the input coderepresenting the selected subset of characters; and transmitting theinput code from the first device to the second device.
 12. A method asdefined in claim 11, further comprising the act of comparing, at thesecond device, the transmitted input code to an expected input code,wherein, a match between the transmitted input code and the expectedinput code indicates to the second device that the user of the firstdevice is authorized to access resources.
 13. A method as defined inclaim 11, wherein the act of selecting a subset of the characters in thepassphrase comprises the act of applying an ordered series of characterpositions specified in an authentication code possessed by the user tothe characters in the passphrase.
 14. At a sending device capable ofcommunicating over a communication network with a recipient, a method ofverifying the identity of the recipient, comprising the acts of: storinga primary key at a sending device; encrypting, at the sending device, aselected string of characters to generate a secondary key by using theprimary key at the first device, wherein the secondary key is capable ofbeing decrypted using the primary key to reproduce the selected stringof characters; transmitting the secondary key over the communicationnetwork to a recipient; and receiving, at the sending device, a copy ofthe selected string of characters from the recipient, so as todemonstrate to the sending device that the recipient is authorized toparticipate in communication with the sending device.
 15. A method asdefined in claim 14, wherein the primary key is stored at the recipient,wherein performance of the act of receiving the copy of the selectedstring of characters from the recipient demonstrates to the sendingdevice that the recipient possesses the primary key.
 16. A method asdefined in claim 14, further comprising the acts of: selecting, by auser of the sending device, a subset of the characters in the string ofcharacters; entering, by the user, an input code to the sending device,the input code representing the selected subset of characters; andtransmitting the input code from the sending device to the recipient.17. A method as defined in claim 16, wherein, if the recipient isauthorized to participate in communication, the act of transmitting theinput code to the recipient enables the recipient to compare thetransmitted input code to an expected input code, wherein, a matchbetween the transmitted input code and the expected input code indicatesto the recipient that the user of the sending device is authorized toaccess resources.
 18. A method as defined in claim 16, wherein the actof selecting a subset of the characters in the string of characterscomprises the act of applying an ordered series of character positionsspecified in an authentication code possessed by the user to thecharacters in the string of characters.
 19. At a recipient devicecapable of communicating over a communication network with a sender, amethod of accessing information transmitted from the sender to therecipient device, comprising the acts of: storing a primary key at arecipient device; receiving a secondary key at the recipient device, thesecondary key having been transmitted over the communication networkfrom the sender; receiving information from the sender, the informationbeing accessible only by application of a selected string of charactersto the information; decrypting the secondary key at the recipient deviceusing the primary key to generate the selected string of characters; andaccessing the information by applying the selected string of charactersto the information.
 20. A method as defined in claim 17, furthercomprising the act of discovering a copy of the selected string ofcharacters within the accessed information, thereby demonstrating to therecipient device that the sender is recognized as being authorized tosend the information.
 21. A method for verifying the identity of a partyparticipating in transmission of information, comprising the steps of:assigning an authorization code to the party, the authorization codespecifying an ordered series of one or more character positions of apassphrase, wherein the passphrase includes a plurality of characters;displaying the passphrase to the party; receiving an input code enteredby the party, the input code representing characters of the passphrasethat have been selected by the party and reside in the one or morecharacter positions specified by the authorization code; and in responseto the input code, determining that the identity of the party isrecognized and granting the party access to resources.
 22. A method asdefined in claim 21, wherein the characters of the passphrase areselected by the party by selecting the characters of the passphrase thatreside in the one or more character positions according to an orderspecified by the ordered series.
 23. A method as defined in claim 21,wherein the step of displaying the passphrase to the party comprises thestep of transmitting the passphrase from a remote first device to theparty using a communication network.
 24. A method as defined in claim21, wherein the step of displaying the passphrase is conducted at afirst device, the method further comprising the step of transmitting theinput code over a communication network to a remote second device, thestep of determining that the identity of the party is recognized beingconducted at the remote second device.
 25. A method as defined in claim24, wherein the second device is associated with a financial institutionand the first device comprises a card reader for providing access tofinancial services to persons associated with the financial institution.26. A method as defined in claim 21, wherein the step of granting theparty access to resources comprises the step of permitting the party toenter at least a portion of a building.